Seeing so many MAPI “Unknown?!” requests/responses in a packet capture

Tags: exchange-2007, wireshark

We are experiencing user reported slowness with our Exchange 2007 server. We thought it was associated with a new application that we're testing. (This application uses MAPI to look at all of the mailboxes, in sequence, and do some basic operations.)

We used wireshark to capture the communication going on for several seconds and one thing that stood out is that we see hundreds of lines that read "Protocol: MAPI; Info: Unknown?! request" which is followed by "Protocol: MAPI; Info: Unknown?! response".

We did a capture on another machine (without the application we were testing on the other box) and just opened Outlook. We saw the same behavior.

I'm not familiar with this exchange and it is alarming to me that it is happening so very much.

Can someone point me in the direction of an explanation?

Thanks much!

Best Answer

Can someone point me in the direction of an explanation?

One explanation is that the dissector for MAPI, in your version of Wireshark, might not fully understand MAPI; "Unknown?!" means that a DCE RPC request or response (MAPI is based on Microsoft's RPC mechanism, which is a derivative of DCE RPC) that the protocol dissector doesn't understand was seen.

What version of Wireshark are you using?
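To make the answer concrete, here is an added example (not code from the thread, Wireshark, or Microsoft) of how a dissector arrives at the "Unknown?!" label. It decodes the 16-byte connection-oriented DCE RPC v5 header plus the request/response extension fields, looks the request's opnum up in a table, and pairs each response with its request by call_id, because a response PDU carries no opnum of its own. That pairing is why an "Unknown?! request" is followed by an "Unknown?! response": the response inherits whatever the decoder knew about the request. Assumptions: the opnum table is a small subset of the EMSMDB opnums listed in MS-OXCRPC and stands in for whatever a given Wireshark build knows; only little-endian data representation is handled; no authentication trailers or object UUIDs are parsed; and all PDUs are constructed inline rather than taken from a capture.

```python
"""Minimal DCE RPC request/response decoder illustrating the "Unknown?!" label.

Added example for this thread; not Wireshark's dissector. It handles the
common 16-byte CO header (rpc_vers 5), the request extension (alloc_hint,
context id, opnum) and the response extension (alloc_hint, context id,
cancel_count, reserved). Little-endian drep only; no auth trailer or
object UUID support. All PDUs used below are constructed test data.
"""
import struct
from collections import Counter
from typing import Dict, List, Optional, Tuple

PTYPE_REQUEST = 0
PTYPE_RESPONSE = 2
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
DREP_LITTLE_ENDIAN = b"\x10\x00\x00\x00"

# Subset of EMSMDB opnums from MS-OXCRPC. Assumption for this example:
# only these are "known"; anything else gets the Unknown?! label, which is
# what an incomplete dissector table produces.
KNOWN_OPNUMS: Dict[int, str] = {
    0: "EcDoConnect",
    1: "EcDoDisconnect",
    2: "EcDoRpc",
    10: "EcDoConnectEx",
    11: "EcDoRpcExt2",
}

HEADER = struct.Struct("<BBBB4sHHI")  # vers, minor, ptype, flags, drep, frag_len, auth_len, call_id
REQ_EXT = struct.Struct("<IHH")       # alloc_hint, p_cont_id, opnum
RSP_EXT = struct.Struct("<IHBB")      # alloc_hint, p_cont_id, cancel_count, reserved


def build_request(call_id: int, opnum: int, stub: bytes = b"") -> bytes:
    """Constructed request PDU (test data, not captured traffic)."""
    frag_len = HEADER.size + REQ_EXT.size + len(stub)
    hdr = HEADER.pack(5, 0, PTYPE_REQUEST, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                      DREP_LITTLE_ENDIAN, frag_len, 0, call_id)
    return hdr + REQ_EXT.pack(len(stub), 0, opnum) + stub


def build_response(call_id: int, stub: bytes = b"") -> bytes:
    """Constructed response PDU; note there is no opnum field at all."""
    frag_len = HEADER.size + RSP_EXT.size + len(stub)
    hdr = HEADER.pack(5, 0, PTYPE_RESPONSE, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                      DREP_LITTLE_ENDIAN, frag_len, 0, call_id)
    return hdr + RSP_EXT.pack(len(stub), 0, 0, 0) + stub


def parse_pdu(data: bytes) -> Tuple[int, int, Optional[int]]:
    """Return (ptype, call_id, opnum); opnum is None unless this is a request."""
    if len(data) < HEADER.size:
        raise ValueError("truncated DCE RPC header")
    vers, _minor, ptype, _flags, drep, frag_len, _auth_len, call_id = HEADER.unpack_from(data)
    if vers != 5:
        raise ValueError(f"unexpected rpc_vers {vers}")
    if not drep[0] & 0x10:  # bit 4 of drep[0] set means little-endian integers
        raise ValueError("big-endian drep not handled in this example")
    if frag_len != len(data):
        raise ValueError("frag_length does not match PDU size")
    opnum = None
    if ptype == PTYPE_REQUEST:
        if len(data) < HEADER.size + REQ_EXT.size:
            raise ValueError("truncated request header")
        _hint, _ctx, opnum = REQ_EXT.unpack_from(data, HEADER.size)
    return ptype, call_id, opnum


def decode_stream(pdus: List[bytes]) -> List[str]:
    """One Info-column style label per PDU, pairing responses to requests by call_id."""
    pending: Dict[int, int] = {}  # call_id -> opnum of the outstanding request
    info: List[str] = []
    for data in pdus:
        ptype, call_id, opnum = parse_pdu(data)
        if ptype == PTYPE_REQUEST:
            pending[call_id] = opnum
            info.append(f"{KNOWN_OPNUMS.get(opnum, 'Unknown?!')} request")
        elif ptype == PTYPE_RESPONSE:
            opnum = pending.pop(call_id, None)
            if opnum is None:
                info.append("Unknown?! response (no matching request)")
            else:
                info.append(f"{KNOWN_OPNUMS.get(opnum, 'Unknown?!')} response")
        else:
            info.append(f"ptype {ptype} (not a request or response)")
    return info


def unknown_opnum_counts(pdus: List[bytes]) -> Dict[int, int]:
    """Tally request opnums the table does not know, so you can look them up."""
    counts: Counter = Counter()
    for data in pdus:
        ptype, _cid, opnum = parse_pdu(data)
        if ptype == PTYPE_REQUEST and opnum not in KNOWN_OPNUMS:
            counts[opnum] += 1
    return dict(counts)


if __name__ == "__main__":
    sample = [build_request(1, 11, b"\x00" * 4), build_response(1, b"\x00" * 4),
              build_request(2, 99), build_response(2), build_response(7)]
    for line in decode_stream(sample):
        print(line)
    print(unknown_opnum_counts(sample))
```

The practical takeaway is in `unknown_opnum_counts`: when a capture is full of "Unknown?!" rows, the opnum is still in every request PDU even though the dissector has no name for it, so you can tally the raw opnums and check them against the interface documentation (or a newer Wireshark) instead of guessing from the label.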
